//package com.example.hellodocker.config;
//
//import com.example.hellodocker.service.SysUserService;
//import org.springframework.context.annotation.Bean;
//import org.springframework.context.annotation.Configuration;
//import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
//import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
//import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
//import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
//import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
//import org.springframework.security.crypto.password.PasswordEncoder;
//
//import javax.annotation.Resource;
//
///**
// * {@code @Author} ChenZY
// * {@code @Date}  2023/9/27 10:32
// * {@code @Description}
// */
//@Configuration
//@EnableWebSecurity //开启Security
//@EnableGlobalMethodSecurity(prePostEnabled = true) //方法级别的安全认证
//public class SecurityConfig extends WebSecurityConfigurerAdapter {
//
//    @Resource
//    private SysUserService sysUserService;
//
//    @Bean
//    public PasswordEncoder passwordEncoder() {
//        return new BCryptPasswordEncoder();
//    }
//
//    //重写configure配置,将我们自己的校验密码器注入到该bean中
//    @Override
//    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
//        auth.userDetailsService(sysUserService).passwordEncoder(passwordEncoder());
//    }
//
//    @Override
//    protected void configure(HttpSecurity http) throws Exception {
//
//        // 表单认证
//        http.formLogin()
//                .loginProcessingUrl("/login") //当发现/login 时认为是登录，需要执行 UserDetailsServiceImpl
//                .successForwardUrl("/toLogin") //此处是 post 请求
//                .loginPage("/login.html");
//
//        // url 拦截
//        http.authorizeRequests()
//                .antMatchers("/login.html").permitAll() //login.html 不需要被认证
//                .anyRequest().authenticated();//所有的请求都必须被认证。必须登录后才能访问。
//
//        //关闭 csrf 防护
//        http.csrf().disable();
//
//    }
//
//
//}
//
